Social media involves constantly changing security risks that hospitals need to be aware of, according to Tom Pendergast, Ph.D., Chief Strategist at MediaPRO, an e-learning development company.
1. Inappropriate Sharing of Organizational Information
The primary security risk is when an employee inappropriately releases any form of company information. “That could be releasing intellectual property, trade secrets, or patient information,” says Pendergast.
2. Damage to Organization Reputation
At the same time, inappropriate use of social media that damages an organization’s reputation is also a security issue. For example, per Pendergast, an employee may mention a new product release that the marketing department wasn’t ready to announce. “It isn’t a crime, but they’ve just compromised their company’s competitive advantage by doing that,” he notes.
3. Security Issues When Sharing Personal Life Events Include Inadvertent Disclosures
Certain social networks create security risk hotspots, such as Facebook and LinkedIn. LinkedIn encourages employees to talk about what’s happening in their professional lives and thus can create a challenge for hospitals. According to Pendergast, “An employee might upset co-workers by posting a promotion they received when that promotion hasn’t been announced.”
4. Phishing Risks
Workers in industries such as healthcare are at risk for targeted phishing attacks via social media. [NOTE: “Phishing” is defined as requesting confidential information over the Internet under false pretenses in order to fraudulently obtain credit card numbers, passwords, or other personal data.] “They might seek people on LinkedIn or Facebook who work at a specific hospital and send that person malware,” says Pendergast. This includes email messages and web links that can release viruses. “It’s important to teach employees to exercise a lot of skepticism and view with suspicion any unfamiliar attempt to direct you to a website or to solicit information from you,” offers Pendergast.
Ways to mitigate risk include asking employees to create complex passwords and conducting phishing campaigns that send out a fake email to staff to determine who is more prone to fall victim to these attacks. In the end, shares Pendergast, “Because there are so many ways criminals use social engineering to gain access to an individual and an organization, we try to teach people to be more paranoid.”
Learn more about the responsible use of social media in healthcare.